[Owasp-board] press release (was: Vote Request - OWASP Participation at RSA)

Sarah Baso sarah.baso at owasp.org
Tue Jan 7 23:51:24 UTC 2014


Sounds good!

Sarah


On Tue, Jan 7, 2014 at 5:48 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Sarah,
>
> will be my pleasure.
> Please give me one or two days to write it up and let my PA check my
> spelling.
> And will upload it as Google Doc.
> Then you and the board need to have some time (3-7 days?) to review, edit
> and finalise it.
> Then my recommendation would be to put it for 3-5 days towards the leaders
> and governance list to confirm, though by then we should have done our very
> best so that no more edits are needed.
>
> So I would expect a release in maybe 20 days. Unless you see the need for
> a hurry?
>
> What do you think?
>
> Thanks and all the best, Tobias
>
>
> On 07/01/14 23:39, Sarah Baso wrote:
>
> Tobias -
> Thanks for your offer to prepare a press release with a public statement
> regarding OWASP principles & that we think weakening or undermining crypto
> is a bad idea....
>
>  Would you start preparing something as a google doc and share it with
> the rest of the board and myself for review?
>
>  Also, what is our timeline/goal for release?  Next week?  I can do this
> through our OR newswire account when we are ready.
>
>  Thanks,
>
>  Sarah
>
>
> On Mon, Jan 6, 2014 at 6:42 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  My vote is: Yes. OWASP shall terminate the co-marketing agreement with
>> RSA for RSA 2014.
>>
>> My reasons are:
>>
>>  1. community feedback and discussion (there seems to be a significant
>> part of the community concerned about this) Note: I would have loved to see
>> an OWASP community poll on this before making this decision to get a better
>> feel for the wishes of our community, but acknowledge Michael's request
>> that we need to decide this urgently.
>>
>>  2. we have an alternative (as outlined in Sarah's email, BSides) that
>> can fulfil the goal equally.
>>
>>  3. I understand that there is a lot of uncertainty about RSA's level of
>> involvement. And I don't feel in a position to make a final judgement about
>> this. And as often with secrecy, we possibly never will be.
>> But in this case we don't have to have final judgement. The co-marketing
>> agreement is quite extensive and could be seen as active endorsement. To
>> follow such an agreement we would need to have a very high level of
>> confidence and trust in the other party. So already a reasonable shadow of
>> doubt is sufficient grounds, to distance OWASP in this case from a very
>> active co-marketing agreement with the company RSA, to avoid being
>> interpreted as an active endorsement of a commercial entity currently under
>> review. And we should abstain from actively endorsing RSA for the time
>> being, until all facts of the case have been properly examined (note: not
>> by us, as we are not an investigative body).
>>
>> In addition to that:
>> I propose that OWASP should prepare and release a press release or public
>> statement that OWASP thinks weakening or undermining crypto is a really bad
>> idea. (I will be happy to assist with the preparation of the text.) This
>> press release shall advocate our general OWASP principles and shall _not_
>> mention RSA, the RSA conference or any other company by name. (personal
>> note: btw. RSA should have no problem with such a press release, as they
>> officially deny any such activities...)
>>
>> All the best, Tobias
>>
>>
>> Tobias Gondrom
>> Owasp Global Board
>>
>>
>>
>>
>>
>>
>> On 06/01/14 23:51, Michael Coates wrote:
>>
>>   "OWASP will terminate the co-marketing agreement with RSA for RSA
>> 2014.
>> This may place our training at risk, but if permitted we will still
>> provide the free training at RSA and the OWASP speaking slot."
>>
>>  Michael - Yes
>> Tom -
>> Tobias -
>> Fabio -
>> Josh - Yes
>>  Jim - abstain
>>  Eoin - abstain
>>
>>
>>
>>
>>
>> --
>> Michael Coates
>>
>>
>>
>>
>> On Mon, Jan 6, 2014 at 3:47 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>>  Same here, I can't vote, I believe as the class delivery and material
>>> is mine and it would be a conflict.
>>> I would be a "no" if I could.
>>>
>>>  Not sure why participation in an event requires a vote given other
>>> events did not require such....
>>>
>>>  My view is based on
>>>
>>>  1. community feeling, (it has split the community very strongly).
>>>
>>>  2. logic (we have somewhere else), and
>>>
>>>  3. the goal (I don't care which roof the class is delivered under as
>>> long as we teach many people and serve our mission).
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 6 Jan 2014, at 23:23, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>   I state conflict of interest here and cannot vote. But I certainly
>>> respect the boards opinion and am leaning towards "no" if I could vote.
>>>
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805 <%28808%29%20652-3805>
>>>
>>> On Jan 6, 2014, at 12:31 PM, Michael Coates <michael.coates at owasp.org>
>>> wrote:
>>>
>>>    Board,
>>>
>>> I'd like to request a vote on OWASP's participation at RSA. I've
>>> captured my position on the public OWASP thread.
>>> http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html
>>>
>>> Please provide any discussion to the vote or cast your vote. Note that
>>> this is a time sensitive issue.
>>>
>>>
>>> My vote request is as follows:
>>>
>>>  OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
>>> This may place our training at risk, but if permitted we will still
>>> provide the free training at RSA and the OWASP speaking slot.
>>>
>>>  Board Votes:
>>>  Michael
>>>  Tom
>>>  Tobias
>>>  Fabio
>>>  Josh
>>>  Jim
>>> Eoin
>>>
>>>
>>>
>>>  Note: Unrelated to the vote - we can still provide free training at
>>> BSides too.
>>>
>>>
>>> --
>>>    Michael Coates
>>> Chair of OWASP Board
>>> @_mwc
>>>
>>>       _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>   _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
>  --
>  Executive Director
> OWASP Foundation
>
>  sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/3ff81471/attachment-0001.html>


More information about the Owasp-board mailing list